CODEWITHSUNDEEP
phpauthenticationpostnamespacesinclude
jeffery_the_wind
jeffery_the_wind

Reputation: 18158

PHP AJAX Joomla Authentication Script

I have a PHP script like this:

<?php
include 'authorization_script.php';

foreach ($_POST as $key => $value){
    //do something here
}
?>

The problem is if the "authorization_script.php" is passed a $_POST variable with only a numeric name, the script will crash. Instead of fixing that issue, I just wish to make sure no $_POST variables are ever passed to the include script.

For it to work this "authorization_script" does not need any external variables, but since $_POST variables are global by default, they are passed to this script. It was suggested in one of my previous questions that I can solve this problem with name spaces in PHP.

Could I change the namespace of the $_POST variables so that they are not passed to the include script? If so, can someone help on how to do that? Or is there a better way?

Thx

EDIT: Instead of hacking my way out of this by renamig the $_POST variable, like a few of you have suggested I should fix the real problem. This is an AJAX script inside a Joomla website. When I call this ajax script I still want to authenticate the user, then grade credentials from the local database. The way I found to authenticate users from the AJAX script is like this:

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__));
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

/* Create the Application */
$mainframe =& JFactory::getApplication('site');

/* Make sure we are logged in at all. */
if (JFactory::getUser()->id == 0)
    die("Access denied: login required.");

I think the error is being thrown form inside the joomla framework script (line 528 on this script).

Any ideas of a better way to authenticate the users from experienced Joomla people?

Upvotes: 1

Views: 253

Answers (3)

Kaii
Kaii

Reputation: 20540

or if you dont want to fix your include script, you could do this awful hack:

<?php
// watch this ugly hack
$post_hack = $_POST;
unset($_POST);
include 'authorization_script.php';
$_POST = $post_hack;

foreach ($_POST as $key => $value){
    //do something here
}
?>

Upvotes: 3

Derk Arts
Derk Arts

Reputation: 3460

Right this is very ugly, but should fix it:

<?php
$aPost = $_POST;
unset($_POST);
include 'authorization_script.php';

foreach ($aPost as $key => $value){
    //do something here
}
?>

Upvotes: 0

Alex Howansky
Alex Howansky

Reputation: 53533

Could I change the namespace of the $_POST variables so that they are not passed to the include script?

No. Globals are global regardless of namespace.

Or is there a better way?

Fix the include script. You should endeavour to make your code resilient to bad input -- especially code that performs authorization.

Upvotes: 0

Related Questions